Primary Navigation

the next step: p2p viruses?

Hi all, Just a neat idea that I was thinking about this morning... Someone is probably going to create some viruses that create a p2p network(s) between

Message 1 of 4
, Feb 15, 2001

0 Attachment

Hi all,

Just a neat idea that I was thinking about this morning...

Someone is probably going to create some viruses that create a p2p
network(s) between infected computers. It should be easy if the virus
simply remembers the IP address of the last computer it infected - then a
back link could be created from a new infection to the previous infection in
order to get connect to the cloud of the p2p virus. In order to prevent the
tracing of the source the links should vary with time.

Then I was trying to think of what advantages a p2p virus would have over
just simple normal email viruses. I think it might be that it could take
advantage of the CPU cycles of all the computers in the p2p virus network.
Basically it could function as a huge genetic algorithm / genetic program
and try to evolve different types of viruses though a mutation and selection
process within and between the computers. This wasn't possible before since
GA's/GP's suck computing power at a tremendous rate - but almost all GA/GP
methods are easily and efficiently implemented in parallel. Also the most
efficient solutions could instantly start to propagate from multiple nodes
at once - a new variant wouldn't only have one initial starting point, it
could start at a subset of the nodes already in the p2p virus network.

DISCLAIMER: I feel it is okay to discuss these things since I think that
someone will write one if it is actually possible with or without me
discussing the possibility. I think that if we discuss it freely we can
figure out if it is a real or simply imagined threat and how we could
possibly counter something like this. A quick guess would be that a p2p
collaborative anti-virus system might be the best counter... ;-)

... And they may already have. The dumb virus implementations have immediate and sensational results, and so are easily identified and caught. The smart ones

Message 2 of 4
, Feb 15, 2001

0 Attachment

>Someone is probably going to create some viruses that create a p2p
>network(s) between infected computers.

And they may already have. The dumb virus implementations have immediate
and sensational results, and so are easily identified and caught. The smart
ones wouldn't make themselves so immediately obvious and harmful. In
nature, an organism is infected for some time before it is aware of the
infection, which gives the virus more time to propagate and to spread to
other hosts. A successful Internet virus would have to do the same.

>Then I was trying to think of what advantages a p2p virus would have over
>just simple normal email viruses. I think it might be that it could take
>advantage of the CPU cycles of all the computers in the p2p virus network.
>Basically it could function as a huge genetic algorithm / genetic program
>and try to evolve different types of viruses though a mutation and selection
>process within and between the computers.

They could be small and not rely on user actions to propagate.

Thomas Ray's Tierra system of evolving code might work over networks, for
example.

The virus may have no other 'purpose' than to survive and propagate, or it
may have designed functions such as parasiting on resources or collecting
data.

Maybe we should start thinking in terms of contagious parasites rather than
viruses.

>GA's/GP's suck computing power at a tremendous rate - but almost all GA/GP
>methods are easily and efficiently implemented in parallel. Also the most
>efficient solutions could instantly start to propagate from multiple nodes
>at once - a new variant wouldn't only have one initial starting point, it
>could start at a subset of the nodes already in the p2p virus network.

Programmers with truly insidious intentions could take approachers that are
a lot smarter than the virus writers that have so far caught world-wide
attention. The inital infection could be started by distributing incomplete
organisms (DNA fragments) that propagate independently and combine within a
host to create the complete virus at some later time, thus hiding its
origin. The could could ride in executables that have other benign or
pleasant overt effects.

>DISCLAIMER: I feel it is okay to discuss these things since I think that
>someone will write one if it is actually possible with or without me
>discussing the possibility.

Such discussion is beneficial, I would think. Awareness of the possible
threat is the first step toward defense. Even though this might inspire one
or more virus writers, it also alerts very many more potential victims.

Joe Repka

Ben Houston

... I understand what you are saying. Basically you simply want the initial virus to setup all the computers are potential hosts. The actual resource usage

Message 3 of 4
, Feb 16, 2001

0 Attachment

> The virus may have no other 'purpose' than to survive and propagate, or it
> may have designed functions such as parasiting on resources or collecting
> data.

I understand what you are saying. Basically you simply want the initial
virus to setup all the computers are potential hosts. The actual resource
usage part of the virus could come later after the whole network of hosts
has been setup. Strange idea.

> Maybe we should start thinking in terms of contagious parasites rather

than

> viruses.

I understand this might be like plasmids (extra-chromosomal DNA) being
exchanged laterally through a network of living bacteria cells. First the
network of living cells is established and then it starts to change though
the exchange of information laterally. Thus maybe it could be termed a
"parasitic (bacterial) colony"?

> The could could ride in executables that have other benign or
> pleasant overt effects.

That was the problem with the recent "SexyFun" virus/worm. It was hidden in
a somewhat lame screen saver from what I understand.

A PhD friend of mine, Hassan Masum, who I mentioned this to a few days ago
mentioned that the viruses could watch over each other. Pretty much someone
could prevent one user from removing the virus by holding the other
computers' data hostage. I guess a dialog would put up and the virus would
inform the user "disinfect this computer and three others get their data
trashed." Unfortunately, it is assuming always up connectivity - otherwise
a temporary Internet service interruption will cause it to trigger.

> Such discussion is beneficial, I would think. Awareness of the possible
> threat is the first step toward defense. Even though this might inspire

one

> or more virus writers, it also alerts very many more potential victims.

Actually I was reading a book earlier this year that proposed this idea in
some ways. It was called "Darwin Among the Machines." It proposed that AI
would develop within our networks through evolution before we are able to
engineer it ourselves. Basically it was sort of saying that since we do not
know how or understand how something will "live" within our networks thus
evolution is the only alternative. I didn't really buy it at the time - and
even now I still don't.

>Someone is probably going to create some viruses that create a p2p
>network(s) between infected computers.

And they may already have. The dumb virus implementations have immediate
and sensational results, and so are easily identified and caught. The smart
ones wouldn't make themselves so immediately obvious and harmful. In
nature, an organism is infected for some time before it is aware of the
infection, which gives the virus more time to propagate and to spread to
other hosts. A successful Internet virus would have to do the same.

>Then I was trying to think of what advantages a p2p virus would have over
>just simple normal email viruses. I think it might be that it could take
>advantage of the CPU cycles of all the computers in the p2p virus network.
>Basically it could function as a huge genetic algorithm / genetic program
>and try to evolve different types of viruses though a mutation and

selection

>process within and between the computers.

They could be small and not rely on user actions to propagate.

Thomas Ray's Tierra system of evolving code might work over networks, for
example.

The virus may have no other 'purpose' than to survive and propagate, or it
may have designed functions such as parasiting on resources or collecting
data.

Maybe we should start thinking in terms of contagious parasites rather than
viruses.

>GA's/GP's suck computing power at a tremendous rate - but almost all GA/GP
>methods are easily and efficiently implemented in parallel. Also the most
>efficient solutions could instantly start to propagate from multiple nodes
>at once - a new variant wouldn't only have one initial starting point, it
>could start at a subset of the nodes already in the p2p virus network.

Programmers with truly insidious intentions could take approachers that are
a lot smarter than the virus writers that have so far caught world-wide
attention. The inital infection could be started by distributing incomplete
organisms (DNA fragments) that propagate independently and combine within a
host to create the complete virus at some later time, thus hiding its
origin. The could could ride in executables that have other benign or
pleasant overt effects.

>DISCLAIMER: I feel it is okay to discuss these things since I think that
>someone will write one if it is actually possible with or without me
>discussing the possibility.

Such discussion is beneficial, I would think. Awareness of the possible
threat is the first step toward defense. Even though this might inspire one
or more virus writers, it also alerts very many more potential victims.

... I don t believe in GAs, but what if the creators issued updates to the worm over the P2P net as fast as the antivirus companies issued signature updates?

Message 4 of 4
, Feb 19, 2001

0 Attachment

--- In decentralization@y..., "Ben Houston" <ben@e...> wrote:

> Someone is probably going to create some viruses that create a p2p
> network(s) between infected computers. It should be easy if the virus
> simply remembers the IP address of the last computer it infected - then a
> back link could be created from a new infection to the previous infection in
> order to get connect to the cloud of the p2p virus.

I don't believe in GAs, but what if the creators issued updates to the worm
over the P2P net as fast as the antivirus companies issued signature
updates?

Wesley Felter, wondering how long it will be until I see Usenet messages
signed "Death to vermin"

Your message has been successfully submitted and would be delivered to recipients shortly.